• Title/Abstract/Keywords: Access Logs

49 search results (processing time: 0.021 seconds)

A Model for Illegal File Access Tracking Using Windows Logs and Elastic Stack

  • Kim, Jisun;Jo, Eulhan;Lee, Sungwon;Cho, Taenam
    • Journal of Information Processing Systems / Vol. 17, No. 4 / pp. 772-786 / 2021
  • The process of tracking suspicious behavior manually on a system and gathering evidence is labor-intensive, variable, and experience-dependent. The system logs are the most important sources of evidence in this process. However, in the Microsoft Windows operating system, the action events are irregular and the log structure is difficult to audit. In this paper, we propose a model that overcomes these problems and efficiently analyzes Microsoft Windows logs. The proposed model extracts lists of both common and key events from the Microsoft Windows logs to determine detailed actions. In addition, we show an approach based on the proposed model applied to track illegal file access. The proposed approach employs three-step tracking templates using Elastic Stack as well as key-event, common-event lists and identify event lists, which enables visualization of the data for analysis. Using the three-step model, analysts can adjust the depth of their analysis.

Web Service Performance Improvement with the Redis

  • 김철호;박경원;최용락
    • 한국정보통신학회논문지 / Vol. 19, No. 9 / pp. 2064-2072 / 2015
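  • Most Web Services generate and manage user access logs in order to improve performance. The generated access logs show the time periods in which traffic is heavy and which resources are heavily used, and log analysis is used to measure and improve Web Service performance. However, when access volume increases during a certain period, as with many public-sector Web Services, the performance of the Web Service degrades because of the growing number of user access logs to be processed. To solve this, the system's performance must be improved or tuned, but this incurs high costs, and after a certain time user access declines, resulting in even greater cost. In this paper, we propose improving Web Service performance by improving the performance of user access log processing. In addition, we propose a method that partially applies NoSQL by using Redis, which has recently been widely used to process large volumes of data.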

Web Server Log Visualization

  • Kim, Jungkee
    • International journal of advanced smart convergence / Vol. 7, No. 4 / pp. 101-107 / 2018
  • Visitors to a Web site leave access logs documenting their activity in the site. These access logs provide a valuable source of information about the visitors' access patterns in the Web site. In addition to the pages that the user visited, it is generally possible to discover the geographical locations of the visitors. Web servers also record other information such as the entry into the site, the URL, the used operating system and the browser, etc. There are several Web mining techniques to extract useful information from such information and visualization of a Web log is one of those techniques. This paper presents a technique as well as a case study of visualizing a Web log.

An Efficient Approach for Single-Pass Mining of Web Traversal Sequences

  • 김낙민;정병수;아메드 파한
    • 한국정보과학회논문지:데이타베이스 / Vol. 37, No. 5 / pp. 221-227 / 2010
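  • With the rapid growth of Internet use, many studies aimed at more convenient Internet services have been actively conducted. Techniques for mining frequently occurring web page traversal sequences from web log data have also been widely studied for the purpose of designing effective web sites. However, existing methods all require multiple database scans, which makes it very difficult to mine web page traversal sequences quickly and in real time from continuously generated web log data. Incremental and interactive mining techniques are also capabilities needed to process continuously generated web log data. In this paper, we propose a method that mines frequently occurring web page traversal sequences from continuously generated web log data in a single scan, in an incremental and interactive manner. The proposed method uses a WTS (web traversal sequence)-tree structure, and various experiments demonstrate that it outperforms existing methods and is effective.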

Designing Summary Tables for Mining Web Log Data

  • Ahn, Jeong-Yong
    • Journal of the Korean Data and Information Science Society / Vol. 16, No. 1 / pp. 157-163 / 2005
  • In the Web, the data is generally gathered automatically by Web servers and collected in server or access logs. However, as users access larger and larger amounts of data, query response times to extract information inevitably get slower. A method to resolve this issue is the use of summary tables. In this short note, we design a prototype of summary tables that can efficiently extract information from Web log data. We also present the relative performance of the summary tables against a sampling technique and a method that uses raw data.

An experiment to enhance subject access in Korean online public access catalog

  • 장혜란;홍지윤
    • 한국도서관정보학회지 / Vol. 25 / pp. 83-107 / 1996
  • The purpose of this study is to experiment with online public access catalog enhancements to improve its subject access capability. Three catalog databases, enhanced with title keywords, controlled vocabulary, and content words with controlled vocabulary respectively, were implemented. 18 searchers performed 2 subject searches against 3 different catalog databases, and the transaction logs were analyzed. The results of the study can be summarized as follows: the controlled vocabulary catalog database achieved a 41.8% recall ratio on average; the addition of table of contents words to the controlled vocabulary is an effective technique, increasing the recall ratio up to 55% without decreasing precision; and the database enhanced with title keywords shows a 31.7% recall ratio on average. Of the three kinds of catalog databases, only the catalog with contents words produced 2 unique relevant documents. The results indicate that both user training and system development are required to have better search performance in online public access catalogs.

A Data-Consistency Scheme for the Distributed-Cache Storage of the Memcached System

  • Liao, Jianwei;Peng, Xiaoning
    • Journal of Computing Science and Engineering / Vol. 11, No. 3 / pp. 92-99 / 2017
  • Memcached, commonly used to speed up the data access in big-data and Internet-web applications, is a system software of the distributed-cache mechanism. But it is subject to the severe challenge of the loss of recently uncommitted updates in the case where the Memcached servers crash due to some reason. Although the replica scheme and the disk-log-based replay mechanism have been proposed to overcome this problem, they generate either the overhead of the replica synchronization or the persistent-storage overhead that is caused by flushing related logs. This paper proposes a scheme of backing up the write requests (i.e., set and add) on the Memcached client side, to reduce the overhead resulting from the making of disk-log records or performing the replica consistency. If the Memcached server fails, a timestamp-based recovery mechanism is then introduced to replay the write requests (buffered by relevant clients), for regaining the lost-data updates on the rebooted Memcached server, thereby meeting the data-consistency requirement. More importantly, compared with the mechanism of logging the write requests to the persistent storage of the master server and the server-replication scheme, the newly proposed approach of backing up the logs on the client side can greatly decrease the time overhead by up to 116.8% when processing the write workloads.

A cross-domain access control mechanism based on model migration and semantic reasoning

  • Ming Tan;Aodi Liu;Xiaohan Wang;Siyuan Shang;Na Wang;Xuehui Du
    • KSII Transactions on Internet and Information Systems (TIIS) / Vol. 18, No. 6 / pp. 1599-1618 / 2024
  • Access control has always been one of the effective methods to protect data security. However, in new computing environments such as big data, data resources have the characteristics of distributed cross-domain sharing, massive and dynamic. Traditional access control mechanisms are difficult to meet the security needs. This paper proposes CACM-MMSR to solve distributed cross-domain access control problem for massive resources. The method uses blockchain and smart contracts as a link between different security domains. A permission decision model migration method based on access control logs is designed. It can realize the migration of historical policy to solve the problems of access control heterogeneity among different security domains and the updating of the old and new policies in the same security domain. Meanwhile, a semantic reasoning-based permission decision method for unstructured text data is designed. It can achieve a flexible permission decision by similarity thresholding. Experimental results show that the proposed method can reduce the decision time cost of distributed access control to less than 28.7% of a single node. The permission decision model migration method has a high decision accuracy of 97.4%. The semantic reasoning-based permission decision method is optimal to other reference methods in vectorization and index time cost.

A Study on Log Collection to Analyze Causes of Malware Infection in IoT Devices in Smart city Environments

  • 김동현;신지호;서정택
    • 인터넷정보학회논문지 / Vol. 24, No. 1 / pp. 17-26 / 2023
  • A smart city is a massive internet of things (IoT) environment, where all terminal devices are connected to a network to create and share information. In accordance with massive IoT environments, millions of IoT devices are connected, and countless data are generated in real time. However, since heterogeneous IoT devices are used, collecting the logs for each IoT device is difficult. Due to these issues, when an IoT device is invaded or is engaged in malicious behavior, such as infection with malware, it is difficult to respond quickly, and additional damage may occur due to information leakage or stopping the IoT device. To solve this problem, in this paper, we propose identifying the attack technique used for initial access to IoT devices through MITRE ATT&CK, collect the logs that can be generated from the identified attack technique, and use them to identify the cause of malware infection.

Log Usage Analysis: What it Discloses about Use, Information Seeking and Trustworthiness

  • Nicholas, David;Clark, David;Jamali, Hamid R.;Watkinson, Anthony
    • International Journal of Knowledge Content Development & Technology / Vol. 4, No. 1 / pp. 23-37 / 2014
  • The Trust and Authority in Scholarly Communications in the Light of the Digital Transition research project was a study which investigated the behaviours and attitudes of academic researchers as producers and consumers of scholarly information resources in respect to how they determine authority and trustworthiness. The research questions for the study arose out of CIBER's studies of the virtual scholar. This paper focuses on elements of this study, mainly an analysis of a scholarly publisher's usage logs, which was undertaken at the start of the project in order to build an evidence base, which would help calibrate the main methodological tools used by the project: interviews and questionnaire. The specific purpose of the log study was to identify and assess the digital usage behaviours that potentially raise trustworthiness and authority questions. Results from the self-report part of the study were additionally used to explain the logs. The main findings were that: 1) logs provide a good indicator of use and information seeking behaviour, albeit in respect to just a part of the information seeking journey; 2) the 'lite' form of information seeking behaviour observed in the logs is a sign of users trying to make their mind up in the face of a tsunami of information as to what is relevant and to be trusted; 3) Google and Google Scholar are the discovery platforms of choice for academic researchers, which partly points to the fact that they are influenced in what they use and read by ease of access; 4) usage is not a suitable proxy for quality. The paper also provides contextual data from CIBER's previous studies.